Industrial anomaly detection successfully installed at energy grid operator

, Leipzig

Leipzig, Germany, January 30, 2018 - In December 2017, the German technology company Rhebo successfully rolled out the latest version of its industrial anomaly detection Rhebo Industrial Protector at a major German energy grid operator. The current solution for monitoring the telecontrol of critical infrastructures advances the established functions of the automatic anomaly detection by facilitating data integration and simplifying the management of reported anomalies. With the new functions of the Rhebo Industrial Protector 2.0, operators of critical infrastructures in the energy, gas and water industries will be even more empowered to effectively management of their telecontrol systems, thereby strengthening security and stability of their processes.

Operators of critical infrastructures benefit from Rhebo Industrial Protector 2.0 through:

  • faster reaction time due to intelligent risk scoring of anomalies;
  • enhanced clarity regarding the current state of telecontrol systems due to expanded filter options;
  • increased cyber security and compliance, control and process stability due to comprehensive digital transparency;
  • reduced costs and lean processes due to automated data integration in backend systems like SIEM and control station.

Rhebo Industrial Protector 2.0 provides the following expanded functions:

  • Asset- and incident-centric network mapping: Rhebo Industrial Protector 2.0 combines the established approach of incident-centric monitoring with a comprehensive asset-based inventory as well as the visualization of communication structures (workflow-centric) within telecontrol systems. In conjunction with the proven Deep Packet Inspection technology, all elements in the network become visible. Operators gain complete transparency and control over the quality of their telecontrol technology and strengthen the compliance of their systems.
  • Dynamic risk score: The risk assessment evaluates each occurring anomaly individually, according to the impact of the commands contained in the data package, as well as the relevance of the affected components in the network. The risk score thus allows operators to immediately assess the relevance for the production and supply processes and facilitates real-time reaction and security.
  • Intelligent anomaly tracking: Recurring anomalies or anomalies with identical patterns are identified, correlated, and reported as recurrences. Operators can thus assess whether a network failure is systematic, a suspicious access is retried, or a past countermeasure was breached.
  • Full data integration: The detailed anomaly data, including PCAP, can be transferred to any network-integrated backend system. It supports both standard interfaces such as REST-API, as well as all formats common in critical infrastructures such as IEC 104, Syslog, IPFIX, SNMP and others. Thus, the company’s big data strategy, process optimization and legal reporting obligations are specifically supported.
  • Quick-view filters: Operators can sort anomaly reports by devices, protocol types, functions, and data packet values or commands. The individually configurable filters ensure operators a quick overview and clarity on all incidents in their telecontrol system. Furthermore, they put anomalies in context and thus allow conclusions about their source. In combination with the risk score, this ensures actionability and high efficiency of measures.
  • Effective big data automation: Operators can also assign transmission rules to filter categories to send anomaly reports to other backend systems. For example, operators can categorize security-related anomaly reports and automatically transmit them to a firewall. Process-related anomaly reports might be sent to the control station. The automation of data transmission thus supports the division of labor in the company and the establishment of a liability-oriented ticket system.

With Rhebo Industrial Protector 2.0, operators of critical infrastructure can effectively implement their strategy for ensuring security of supply, cybersecurity and process stability. Thus, Rhebo is the only German manufacturer of an industrial anomaly detection comprehensively supporting the defense-in-depth strategy of critical infrastructures and Industry 4.0 companies.

For more information on Rhebo Industrial Protector 2.0 please visit A demo version can be ordered under



Jens Pacholsky
Rhebo GmbH | Spinnereistr. 7 | 04179 Leipzig
Phone: +49-341-393-790-0